Okta and Salesforce SAML SSO Integration

Published on Jul 01, 2025. This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial guides you through the integration of Salesforce with Okta for Single Sign-On (SSO) using the SAML protocol. By completing this integration, users can seamlessly access Salesforce through Okta, enhancing security and improving the user experience.

Step 1: Configure Okta for Salesforce SSO

  1. Log into your Okta Admin Dashboard.
  2. Add a new application:
    • Click on "Applications" in the top menu.
    • Select "Add Application."
  3. Search for Salesforce:
    • In the search bar, type "Salesforce."
    • Click on the Salesforce application from the results.
  4. Configure the application settings:
    • Fill in the required fields such as the application name.
    • Set the sign-on method to SAML 2.0.
  5. Set up SAML settings:
    • Under the SAML settings, provide the following:
      • Single sign-on URL: This is typically the URL for your Salesforce instance.
      • Audience URI (SP Entity ID): Input the Salesforce Entity ID.
      • Default Relay State: Leave it blank or specify if needed.
      • Name ID format: Choose "Email address" or according to your Salesforce setup.
      • Attribute Statements: Add any necessary attributes (e.g., email, first name, last name).

Step 2: Obtain the SAML Metadata from Okta

  1. Save your settings in the Okta application setup.
  2. Download the SAML metadata file:
    • Find the "Identity Provider metadata" link in the SSO tab.
    • Click to download the XML file for later use.

Step 3: Configure Salesforce for Okta SSO

  1. Log into your Salesforce account as an administrator.
  2. Navigate to Setup:
    • Click on the gear icon in the upper right corner and select "Setup."
  3. Search for Single Sign-On Settings:
    • In the Quick Find box, type "Single Sign-On."
    • Select "Single Sign-On Settings."
  4. Create a new SAML configuration:
    • Click on "New" in the SAML section.
    • Fill out the required fields:
      • Name: Provide a name for the SSO configuration.
      • Issuer: Enter the Okta domain name or the SAML Entity ID.
      • Identity Provider Certificate: Upload the certificate from the Okta metadata file.
      • SAML Identity Type: Set it to "Assertion contains the User's Salesforce username."
  5. Save your settings.
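
To fill in the Issuer and Identity Provider Certificate fields above from the metadata file downloaded in Step 2, the following added example (not part of the original tutorial, nor Okta's or Salesforce's own tooling) extracts them with Python's standard library. The sample metadata, the example.okta.com URL, the exkEXAMPLE ID and the certificate bytes are constructed placeholders, and parse_idp_metadata is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder tenant, app ID and certificate bytes
# (not a real Okta tenant and not a real X.509 certificate).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate-bytes" * 3).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST_BINDING}"
        Location="https://example.okta.com/app/salesforce/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the IdP values the Salesforce SAML configuration asks for."""
    # Assumes the file came from your own Okta admin console; for XML from
    # an untrusted source, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor element")
    certs = [
        "".join(cert.text.split())  # drop line breaks inside the base64
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use", "signing") == "signing"  # omitted 'use' covers signing
        for cert in kd.findall(".//ds:X509Certificate", NS)
        if cert.text
    ]
    if len(certs) != 1:  # several certs usually means a key rollover: pick deliberately
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    der = base64.b64decode(certs[0], validate=True)
    b64 = base64.b64encode(der).decode()
    pem = "\n".join(["-----BEGIN CERTIFICATE-----",
                     *[b64[i:i + 64] for i in range(0, len(b64), 64)],
                     "-----END CERTIFICATE-----"]) + "\n"
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == POST_BINDING]
    return {"issuer": root.get("entityID"), "sso_url": sso[0] if sso else None,
            "cert_pem": pem, "cert_sha256": hashlib.sha256(der).hexdigest()}
```

Write cert_pem to a .crt file for the upload, and record cert_sha256 so a later signing-certificate rotation in Okta is easy to spot.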

Step 4: Test the SSO Integration

  1. Assign users to the Salesforce application in Okta:
    • Go back to the Okta Admin Dashboard.
    • In the Salesforce application, navigate to the "Assignments" tab.
    • Assign users or groups who need access to Salesforce.
  2. Log in through Okta:
    • Open a new browser window and navigate to your Okta login page.
    • Log in using your Okta credentials.
    • Click on the Salesforce application icon.
  3. Verify successful login:
    • Ensure that you are redirected to Salesforce without needing to enter your Salesforce credentials.

Conclusion

Integrating Salesforce with Okta using SAML SSO enhances user convenience while maintaining security. By following these steps, you can successfully set up the integration and streamline the login process for your users. For further customization or troubleshooting, refer to the documentation available on both the Okta and Salesforce websites.